- Add services/auth/app/config.py with JWT_PRIVATE_KEY and JWT_PUBLIC_KEY (Auth Service local config - private key never leaves this service) - Update routes.py: sign tokens with RS256 private key - Update deps.py + verify.py: verify tokens with RS256 public key - Update shared/config.py: replace JWT_SECRET/JWT_ALGORITHM with JWT_PUBLIC_KEY (for optional local verification by other services) - Add sys.path fix in main.py for local dev without PYTHONPATH
"""Auth Service — local configuration.

Contains secrets that ONLY the Auth Service needs (e.g., JWT private key).
These are NOT in shared/config.py to prevent other services from accessing them.
"""
from pydantic_settings import BaseSettings, SettingsConfigDict
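class AuthSettings(BaseSettings):
    """RS256 key material for the Auth Service.

    Values are read from environment variables, with `.env` as a fallback
    file (see ``model_config``). Both fields default to an empty string, so
    constructing the settings never fails on a missing key.
    """

    # RS256 private key (PEM format). Used to SIGN JWTs.
    # Only the Auth Service has this. Generate with:
    #   openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048
    # Then set the env var (newlines as \n):
    #   JWT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMIIEv..."
    # Keep private.pem and .env out of version control and readable only by
    # the account that runs this service.
    # NOTE(review): as a plain `str` the PEM is included in repr() and
    # model_dump() of this object, so logging the settings would expose the
    # signing key. pydantic's `SecretStr` or `Field(repr=False)` would mask
    # it; `SecretStr` requires callers to use `.get_secret_value()`.
    # NOTE(review): the "" default lets the service start with no signing key
    # configured; where that is detected is not visible in this file.
    # Consider failing fast at startup when the value is empty.
    JWT_PRIVATE_KEY: str = ""

    # RS256 public key (PEM format). Used to VERIFY JWTs.
    # Derived from the private key:
    #   openssl rsa -in private.pem -pubout -out public.pem
    JWT_PUBLIC_KEY: str = ""

    model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8")

    def model_post_init(self, _context) -> None:
        """Turn escaped newlines in the PEM values into real line breaks."""
        super().model_post_init(_context)
        # A key exported as a single-line env var carries the two characters
        # backslash + "n" where PEM expects line breaks, and a PEM loader is
        # expected to reject that. Well-formed PEM text never contains a
        # backslash, so this cannot alter a key that already has real newlines.
        for field_name in ("JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY"):
            raw = getattr(self, field_name)
            if "\\n" in raw:
                setattr(self, field_name, raw.replace("\\n", "\n"))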
# Module-level settings instance, built once when this module is imported.
# The class is configured with env_file=".env", a relative path, so the file
# that gets read presumably depends on the process working directory —
# confirm for each deployment.
auth_settings = AuthSettings()